>- see footer for list info -<
Nice ;)
Snake wrote:
>> - see footer for list info -<
>>
> Yes that would be simple.
> <input type="text" name="timer" value="#now()#">
>
> And on the submit page, lets assume you know it takes a human at
least 1
> minute to fill out your form.
>
> <cfif Datediff('n', form.timer, now()) LT 1>
> Reject
> </cfif>
>
> Russ
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dominic
Watson
> Sent: 18 August 2006 01:20
> To: Coldfusion Development
> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>
>
>> - see footer for list info -<
>>
> I am an ignoramus on this subject but a thought occurred to me whilst
> reading....
>
> When a bot does this auto form filling, does it do it instantly? If
so,
> would it be possible to somehow measure the time taken to fill in the
form
> (time taken between requesting the form page and the form result page
> perhaps). Based on this time, the server could then reject the form
> submission or allow it.
>
> A thought. I'm sure not an original one.
>
> On 17/08/06, Snake <[EMAIL PROTECTED]> wrote:
>
>>> - see footer for list info -<
>>>
>> Usually they are trying to hack vulnerabilities in web sites that
>> allow thent o modify the mail headers and send spam out to multiple
>> people via your mail forms.
>> CF doesn't suffer form this problem, so only the person who is meant
>> to get the feedback form gets the spam.
>>
>> Russ
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Damien
>> Gallagher
>> Sent: 17 August 2006 09:22
>> To: Coldfusion Development
>> Subject: Re: [Spam] Re: [CF-Dev] Help ..!
>>
>>
>>> - see footer for list info -<
>>>
>> Out of interest, what are they getting out of submitting, say, a
>> feedback form loads of times?
>>
>>
>>
>> Rich Wild wrote:
>>
>>
>>>> - see footer for list info -<
>>>>
>>> oh, I see, that's what a captcha is..
>>>
>>> God I'm so old, I can't keep up with these new fangled wizbits.
>>>
>>> Anyway, if like me, you're not a fan of plugging other people's
>>> things into your site without knowing what they do, that's basically
>>> the theory.
>>>
>>> On 8/16/06, Rich Wild <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>> "The only difficulty would this is get-aroundable by bots, assuming
>>>> any bot writer cares enough about your site to spend the time
>>>> rewriting their bot to regex your form field to get the magic
>>>> word."
>>>>
>>>> Aha - so don't use words, use images.
>>>>
>>>> I've done this before, and its a little fiddly, but practically
>>>> 100% spam safe.
>>>>
>>>> On the page hit, read a directory full of images that have magic
>>>> words written on them, the file called the same as the magic word.
>>>>
>>>> Get a random one of those filenames:
>>>> <cfset session.secureImageName = qryImageNames.name[randrange(1,
>>>> qryImageNames.recordcount)]>
>>>>
>>>> set that to a session and display the image in the form - however,
>>>>
>> don't
>>
>>>> display it using simple <img src="images/secureImages/HYU78.jpg">
>>>>
>>>> instead, use a CF page that serves up an image with the appropriate
>>>> mimetype using cfcontent
>>>>
>>>> <img src="serveSecureImage.cfm">
>>>>
>>>> In serveSecureImage.cfm, you read the session variable (
>>>> session.secureImageName ) you set before and return that using
>>>> cfcontent.
>>>> This means that bots can't simply read the html on the page and
>>>> find
>>>>
>> the
>>
>>>> filename and use that in the input as the magic word.
>>>>
>>>> Alternatively, use an image making tag to write a randomly pulled
>>>> magic word from a database or equivalent and simply serve that -
>>>> this way
>>>>
>> just
>>
>>>> stops you having to have a directory full of images, but I had fun
>>>> making those.
>>>>
>>>> If the magic word posted in the form don't fit the served image -
>>>> don't send the mail!
>>>>
>>>> Richio McStitchio
>>>> Chief Neckchief
>>>> http://www.theideasbarn.com
>>>>
>>>>
>>>>
>>>> On 8/16/06, Duncan Cumming <[EMAIL PROTECTED]> wrote:
>>>>
>>>>>> - see footer for list info -<
>>>>>>
>>>>> I'm not a fan of captchas. Generally inacessible, unless you
>>>>> also
>>>>>
>>>> make
>>>>
>>>>> an audio version available, and even then not the nicest hoop to
>>>>>
>>>> make users
>>>>
>>>>> jump through.
>>>>>
>>>>> One method I've seen elsewhere, but haven't used myself, is an
>>>>> additional input box:
>>>>> The magic word is blah. Please enter the magic word.
>>>>>
>>>>> The only place I've seen this method is the mysociety sites, e.g:
>>>>> http://www.mysociety.org/?p=103
>>>>>
>>>>> The only difficulty would this is get-aroundable by bots,
>>>>> assuming
>>>>>
>> any
>>
>>>>> bot writer cares enough about your site to spend the time
>>>>> rewriting
>>>>>
>>>> their
>>>>
>>>>> bot to regex your form field to get the magic word.
>>>>>
>>>>>
>>>>> Duncan Cumming
>>>>> New Media Developer
>>>>> Customer Relations Management / Education Fife Council 700 4105 /
>>>>> 01592 414105
>>>>>
>>>>>
>>>>>>>> [EMAIL PROTECTED] 16/08/2006 14:25 >>>
>>>>>>>>
>>>>>> - see footer for list info -<
>>>>>>
>>>>> Hi all.
>>>>>
>>>>> I have a contact form which submits an email (cfmail) The form is
>>>>> being hit by a web bot and sent hundreds of times
>>>>>
>>>>> Is there any way I can stop this?
>>>>>
>>>>> regards - paul
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> For details on ALL mailing lists and for joining or leaving
>>>>> lists,
>>>>>
>>>> go to
>>>>
>>>>> http://list.cfdeveloper.co.uk/mailman/listinfo
>>>>>
>>>>> --
>>>>> CFDeveloper Sponsors:-
>>>>>
>>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>>>>>> - Lists hosted by www.Gradwell.com -<
>>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer
>>>>>> your
>>>>>>
>>>> help
>>>>
>>>>> -<
>>>>>
>>>>>
>>>>>
>>>>>
>>
**********************************************************************
>>
>>>>> This email and any files transmitted with it are confidential and
>>>>> intended solely for the use of the individual or entity to whom
>>>>>
>>>> they are
>>>>
>>>>> addressed and should not be disclosed to any other party.
>>>>> If you have received this email in error please notify your
>>>>> system manager and the sender of this message.
>>>>>
>>>>> This email message has been swept for the presence of computer
>>>>>
>> viruses
>>
>>>>> but no guarantee is given that this e-mail message and any
>>>>>
>>>> attachments are
>>>>
>>>>> free from viruses.
>>>>>
>>>>> Fife Council
>>>>> Tel: 08451 55 00 00
>>>>> ************************************************
>>>>>
>>>>> _______________________________________________
>>>>>
>>>>> For details on ALL mailing lists and for joining or leaving
>>>>> lists,
>>>>>
>>>> go to
>>>>
>>>>> http://list.cfdeveloper.co.uk/mailman/listinfo
>>>>>
>>>>> --
>>>>> CFDeveloper Sponsors:-
>>>>>
>>>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>>>>>> - Lists hosted by www.Gradwell.com -<
>>>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer
>>>>>> your
>>>>>>
>>>> help
>>>>
>>>>> -<
>>>>>
>>>>>
>>>>
>>> _______________________________________________
>>>
>>> For details on ALL mailing lists and for joining or leaving lists,
>>> go to http://list.cfdeveloper.co.uk/mailman/listinfo
>>>
>>> --
>>> CFDeveloper Sponsors:-
>>>
>>>
>>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>>>> - Lists hosted by www.Gradwell.com -<
>>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
>>>> help -<
>>>>
>>>
>>>
>> _______________________________________________
>>
>> For details on ALL mailing lists and for joining or leaving lists, go
>> to http://list.cfdeveloper.co.uk/mailman/listinfo
>>
>> --
>> CFDeveloper Sponsors:-
>>
>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>>> - Lists hosted by www.Gradwell.com -<
>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
>>> help
>>>
>> -<
>>
>>
>> _______________________________________________
>>
>> For details on ALL mailing lists and for joining or leaving lists, go
>> to http://list.cfdeveloper.co.uk/mailman/listinfo
>>
>> --
>> CFDeveloper Sponsors:-
>>
>>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>>> - Lists hosted by www.Gradwell.com -<
>>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
>>> help
>>>
>> -<
>>
>>
> _______________________________________________
>
> For details on ALL mailing lists and for joining or leaving lists,
go to
> http://list.cfdeveloper.co.uk/mailman/listinfo
>
> --
> CFDeveloper Sponsors:-
>
>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> - Lists hosted by www.Gradwell.com -<
>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
help
>> -<
>>
>
>
> _______________________________________________
>
> For details on ALL mailing lists and for joining or leaving lists,
go to
http://list.cfdeveloper.co.uk/mailman/listinfo
>
> --
> CFDeveloper Sponsors:-
>
>> - cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>> - Lists hosted by www.Gradwell.com -<
>> - CFdeveloper is run by Russ Michaels, feel free to volunteer your
help
-<
>>
>
>
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- cfdeveloper Hosting provided by www.cfmxhosting.co.uk -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
